<?php session_start();
require '../common/Utility.php';
require '../db/configuration.php';
require '../crud/CustomSecurity.class.php';
require '../crud/Users.class.php';
loadDB();
isAdmin();
?>
<?php
/******************************************
 * Author: <YOUR NAME HERE>
 * Description: <YOUR DESCRIPTION HERE>
 ******************************************/
class Products { 

	var $db; 
	var $id;
	var $brand;
	var $genProduct;
	var $kolichestvo;
	var $cena;
	var $userId;

	function Products($db){ 
          $this->db = $db; 
    }

	/***********************************
 	 * Remove:      Allows for the removal of record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value
 	 * Return:      (Boolean) True - Successfully Removed | False - Error
 	 ************************************/
	function remove($primaryKeyValue){ 

		//Custom SQL Injection Escaping HERE

		$statement = "DELETE FROM products WHERE id = '$primaryKeyValue'";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End remove()


	/***********************************
 	 * Update:      Allows for the update of a record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value | (String) Column Name To Update | (String) New Value
 	 * Return:      (Boolean) True - Successfully Updated | False - Error
 	 ************************************/
	function update($primaryKeyValue, $columnNameToUpdate, $columnValue){ 

		//Custom SQL Injection Escaping HERE

		$statement = "UPDATE products SET $columnNameToUpdate = '$columnValue' WHERE id = '$primaryKeyValue' AND (userId=".$_SESSION['user_id']." OR userId=".$_SESSION['group_id'].")";
		$results   = mysql_query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()


	/***********************************
 	 * GetAll:       Returns all the records in the database.
 	 * Parameters:   NA
 	 * Return:      (MultiDimensional-Array)String
 	 ************************************/
	function getAllAdmin(){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT id, brand, genProduct, kolichestvo, cena, userId FROM products";
		$mresults   = mysql_query($statement);

		$tokens[0] = "id";
		$tokens[1] = "brand";
		$tokens[2] = "genProduct";
		$tokens[3] = "kolichestvo";
		$tokens[4] = "cena";
		$tokens[5] = "userId";
		
		return transformResults($mresults, $tokens);

	}//End getAll()


	/***********************************
 	 * GetObject:   Returns a specific record form the batabase.
 	 * Parameters:  (Int) Primary Key Value
 	 * Return:      (Array)String
 	 ************************************/
	function getObject($primaryKeyName, $primaryKeyValue){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT brand, genProduct, kolichestvo, cena, userId FROM Products WHERE ".$primaryKeyName." = '".$primaryKeyValue."'";
		$mresults   = mysql_query($statement);

		$tokens[0] = "brand";
		$tokens[1] = "genProduct";
		$tokens[2] = "kolichestvo";
		$tokens[3] = "cena";
		$tokens[4] = "userId";
		
		return transformResults($mresults, $tokens);

	}//End getObject()


}//End Class Products
?>